rcdevs

How about swapping password rotation fatigue for real-time leak detection?

Hi there!

Traditional password rotation policies, while meant to enhance security, can lead to user fatigue and even weaker security as users struggle to keep up with frequent changes. Instead, real-time password leak detection offers a more effective and user-friendly approach. By actively monitoring for compromised credentials, real-time checks alert users the moment a password is detected in a data breach. This proactive approach minimizes disruption, enhances security, and provides peace of mind, all without the burden of constant password changes.
Is real-time leak detection the future of password management? What do you think?

Content-ID: 669486

Url: https://administrator.de/contentid/669486

Printed on: 14.11.2024 at 13:11

kpunkt
kpunkt 14.11.2024 updated at 11:51:01
Nah.... How real-time is real-time? And who notices the data breach? If it's breached by capable people, it will take months for the breach to be discovered.
The problem is not the management of passwords, but the passwords themselves.
catrell
catrell 14.11.2024 at 11:51:15
Spam Spam Spam ...
kpunkt
kpunkt 14.11.2024 at 11:53:10
Yes, but he was too dumb to put the link in. So one might as well....
catrell
catrell 14.11.2024 updated at 11:53:52
Quote from @kpunkt:

Yes, but he was too dumb to put the link in.
It's sure to come.
tomolpi
tomolpi 14.11.2024 at 11:54:54
Quote from @catrell:

Quote from @kpunkt:

Yes, but he was too dumb to put the link in.
It's sure to come.
The moderators are keeping an eye on this 😉
rcdevs
rcdevs 14.11.2024 at 12:01:36
The system checks passwords against a database of millions of known weak or leaked passwords. The process starts with locally hashing the user's password. Only the first five characters of the hash are then transmitted and a service compares this partial hash to its database and returns possible matches, allowing verification if the full hash is compromised locally.
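The partial-hash exchange described in the post above, written out as an added example (not code from the original thread and not RCDevs' or OpenOTP's implementation). It assumes the common convention for this scheme: SHA-1 of the password, uppercase hex, five-character prefix sent to the service, which answers with the suffixes (and hit counts) of every leaked hash sharing that prefix. The "breach database" is a small constructed list standing in for the service's corpus; the client compares suffixes locally, so the full hash never leaves the client.

```python
import hashlib
import hmac

# Constructed sample corpus standing in for the service's database of
# leaked passwords (assumption: service stores uppercase hex SHA-1).
CONSTRUCTED_LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "password"]

HEX_DIGITS = set("0123456789ABCDEF")


def sha1_hex(password: str) -> str:
    """Hash the password locally; this is the only place the cleartext is used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): the 5-char prefix is all that is transmitted."""
    full = sha1_hex(password)
    return full[:5], full[5:]


class BreachRangeService:
    """Server side (hypothetical): indexes leaked hashes by 5-char prefix and
    only ever answers with suffixes, so it cannot tell which one the caller holds."""

    def __init__(self, leaked_passwords):
        self.index: dict[str, dict[str, int]] = {}
        for pw in leaked_passwords:
            h = sha1_hex(pw)
            bucket = self.index.setdefault(h[:5], {})
            bucket[h[5:]] = bucket.get(h[5:], 0) + 1  # count how often it leaked

    def range_query(self, prefix: str) -> list[str]:
        """Answer 'SUFFIX:COUNT' lines for every stored hash with this prefix."""
        if len(prefix) != 5 or not set(prefix) <= HEX_DIGITS:
            raise ValueError("prefix must be exactly 5 uppercase hex characters")
        return [f"{suffix}:{count}" for suffix, count in self.index.get(prefix, {}).items()]


def check_password_leaked(password: str, service: BreachRangeService) -> int:
    """Client side: send only the prefix, then compare suffixes locally.
    Returns the number of times the password appeared in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    for line in service.range_query(prefix):
        candidate_suffix, count = line.split(":")
        # Constant-time comparison so timing does not reveal how close a match was.
        if hmac.compare_digest(candidate_suffix, suffix):
            return int(count)
    return 0


if __name__ == "__main__":
    service = BreachRangeService(CONSTRUCTED_LEAKED_PASSWORDS)
    for candidate in ["password", "correct horse battery staple"]:
        hits = check_password_leaked(candidate, service)
        verdict = f"seen {hits} time(s) in breach data" if hits else "not found"
        print(f"{candidate!r}: {verdict}")
```

The point of the split is visible in `split_hash`: the service only receives `prefix`, which is shared by a 2^140th of all possible SHA-1 values, and the caller decides locally whether any returned suffix matches. A deployment would typically refuse a password when `hits > 0` and log the prefix (never the password or full hash) for audit purposes.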
catrell
catrell 14.11.2024 updated at 12:24:00
So which system do you recommend?
rcdevs
rcdevs 14.11.2024 at 12:28:59
We implemented this in the OpenOTP server, but the purpose of the post was to gather feedback on whether it would be beneficial for companies and users (for users for sure) to replace the traditional password rotation routine with this type of mechanism.
catrell
catrell 14.11.2024 updated at 12:34:52
Fell for it ... told you so ... self-promotion.
rcdevs
rcdevs 14.11.2024 at 12:40:34
You asked, I replied.
Your comments aren't really relevant. :-)
Other solutions, like Google and Apple, also offer similar features for personal accounts.
Would companies change their minds with this kind of feature... Here is the question
kpunkt
kpunkt 14.11.2024 at 12:46:35